DC/OS Open Source Security

You can enable authentication in your datacenter with DC/OS oauth. Authentication is managed through the DC/OS web interface. The Admin Router enforces access control.

Out of the box DC/OS has an OpenID Connect 1.0 endpoint at dcos.auth0.com (in cooperation with Auth0) with connections to Google, GitHub, and Microsoft to provide basic authentication for DC/OS installations. DC/OS automatically adds the first user that logs in to the DC/OS cluster.

DC/OS uses the JSON Web Token (JWT) format for its authentication tokens. JWT is an open, industry standard (RFC
7519) method for securely representing claims between two parties. JWTs are obtained using
OpenID Connect 1.0, which is a simple identity layer built on top of the
OAuth 2.0 protocol.

DC/OS OAuth provides an HTTP API for managing local users in a RESTful fashion.